--- kioslave/ftp/ftp.cc
+++ kioslave/ftp/ftp.cc
@@ -58,6 +58,7 @@
#include <kmimemagic.h>
#include <kmimetype.h>
#include <ksockaddr.h>
+#include <ksocketaddress.h>
#include <kio/ioslave_defaults.h>
#include <kio/slaveconfig.h>
#include <kremoteencoding.h>
@@ -835,7 +836,6 @@ bool Ftp::ftpSendCmd( const QCString& cm
  return true;
}

-
/*
 * ftpOpenPASVDataConnection - set up data connection, using PASV mode
 *
@@ -853,6 +853,8 @@ int Ftp::ftpOpenPASVDataConnection()
  if (sa != NULL && sa->family() != PF_INET)
    return ERR_INTERNAL;       // no PASV for non-PF_INET connections

+  const KInetSocketAddress *sin = static_cast<const KInetSocketAddress*>(sa);
+
  if (m_extControl & pasvUnknown)
    return ERR_INTERNAL;       // already tried and got "unknown command"

@@ -886,14 +888,17 @@ int Ftp::ftpOpenPASVDataConnection()
  }

  // Make hostname and port number ...
-  QString host;
-  host.sprintf("%d.%d.%d.%d", i[0], i[1], i[2], i[3]);
  int port = i[4] << 8 | i[5];

+  // we ignore the host part on purpose for two reasons
+  // a) it might be wrong anyway
+  // b) it would make us being suceptible to a port scanning attack
+
  // now connect the data socket ...
  m_data = new FtpSocket("PASV");
-  m_data->setAddress(host, port);
-  kdDebug(7102) << "Connecting to " << host << " on port " << port << endl;
+  m_data->setAddress(sin->nodeName(), port);
+
+  kdDebug(7102) << "Connecting to " << sin->nodeName() << " on port " << port << endl;
  return m_data->connectSocket(connectTimeout(), false);
}

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.